CAS-002 Online Practice Questions and Answers

Warehouse users are reporting performance issues at the end of each month when trying to access cloud applications to complete their end of the month financial reports. They have no problem accessing those applications at the beginning of the month. Network information: DMZ network ?192.168.5.0/24 VPN network ?192.168.1.0/24 Datacenter ?192.168.2.0/24 User network - 192.168.3.0/24

HR network ?192.168.4.0/24 Warehouse network ?192.168.6.0/24 Finance network 192.168.7.0/24

Traffic shaper configuration: VLAN Bandwidth limit (Mbps) VPN50 User175 HR220 Finance230 Warehouse75 Guest50 External firewall allows all networks to access the Internet.

Internal Firewall Rules: ActionSourceDestination Permit192.168.1.0/24192.168.2.0/24 Permit192.168.1.0/24192.168.3.0/24 Permit192.168.1.0/24192.168.5.0/24 Permit192.168.2.0/24192.168.1.0/24

Permit192.168.3.0/24192.168.1.0/24

Permit192.168.5.0/24192.168.1.0/24

Permit192.168.4.0/24192.168.7.0/24

Permit192.168.7.0/24192.168.4.0/24

Permit192.168.7.0/24any

Deny192.168.4.0/24any

Deny192.168.1.0/24192.168.4.0/24 Denyanyany

Which of the following restrictions is the MOST likely cause?

A. Bandwidth limit on the traffic shaper for the finance department

B. Proxy server preventing the warehouse from accessing cloud applications

C. Deny statements in the firewall for the warehouse network

D. Bandwidth limit on the traffic shaper for the warehouse department

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international

standards. He has recommended that the company use his cryptographic method.

Which of the following methodologies should be adopted?

A. The company should develop an in-house solution and keep the algorithm a secret.

B. The company should use the CEO's encryption scheme.

C. The company should use a mixture of both systems to meet minimum standards.

D. The company should use the method recommended by other respected information security organizations.

After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?

A. Generate a new public key on both servers.

B. Replace the SSL certificate on dev1.xyz.com.

C. Generate a new private key password for both servers.

D. Replace the SSL certificate on pay.xyz.com.

The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

A. One of the companies may use an outdated VDI.

B. Corporate websites may be optimized for different web browsers.

C. Industry security standards and regulations may be in conflict.

D. Data loss prevention standards in one company may be less stringent.

The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements?

A. hash = sha512(password + salt); for (k = 0; k < 4000; k++) { hash = sha512 (hash); }

B. hash = md5(password + salt); for (k = 0; k < 5000; k++) { hash = md5 (hash); }

C. hash = sha512(password + salt); for (k = 0; k < 3000; k++) { hash = sha512 (hash + password + salt); }

D. hash1 = sha1(password + salt); hash = sha1 (hash1);

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international

standards. He has recommended that the company use his cryptographic method.

Which of the following methodologies should be adopted?

A. The company should develop an in-house solution and keep the algorithm a secret.

B. The company should use the CEO's encryption scheme.

C. The company should use a mixture of both systems to meet minimum standards.

D. The company should use the method recommended by other respected information security organizations.

An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing between two warehouse users. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent network sniffers from reading the confidential mail? (Select TWO).

A. Transport encryption

B. Authentication hashing

C. Digital signature

D. Legal mail hold

E. TSIG code signing

An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:

18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.in- addr.arpa. (42)

18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)

18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in- addr.arpa. (42)

18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)

18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr 215646227], length 48

18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.in-addr.arpa.

(41)

18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length

18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0

18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)

18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46

18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.in-addr.arpa.

(41)

Given the traffic report, which of the following is MOST likely causing the slow traffic?

A.

DNS poisoning

B.

Improper network zoning

C.

ARP poisoning

D.

Improper LUN masking

A security administrator has finished building a Linux server which will host multiple virtual machines through hypervisor technology. Management of the Linux server, including monitoring server performance, is achieved through a third party web enabled application installed on the Linux server. The security administrator is concerned about vulnerabilities in the web application that may allow an attacker to retrieve data from the virtual machines.

Which of the following will BEST protect the data on the virtual machines from an attack?

A. The security administrator must install the third party web enabled application in a chroot environment.

B. The security administrator must install a software firewall on both the Linux server and the virtual machines.

C. The security administrator must install anti-virus software on both the Linux server and the virtual machines.

D. The security administrator must install the data exfiltration detection software on the perimeter firewall.

Company ABC has recently completed the connection of its network to a national high speed private research network. Local businesses in the area are seeking sponsorship from Company ABC to connect to the high speed research network by directly connecting through Company ABC's network. Company ABC's Chief Information Officer (CIO) believes that this is an opportunity to increase revenues and visibility for the company, as well as promote research and development in the area.

Which of the following must Company ABC require of its sponsored partners in order to document the technical security requirements of the connection?

A. SLA

B. ISA

C. NDA

D. BPA